CVE-2026-9397 · HIGH 8.1 · EPSS p42.1%

Description

A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. It affects some unknown functionality of the component OTA Update Installation Handler. Manipulation of this component leads to improper authorization. The attack can be carried out remotely. It requires a high degree of complexity, and exploitation is known to be difficult. The original disclosure mentions that "[t]hese vulnerabilities have been reported to Besen and we have received their acknowledgement that they are reviewing this as of April 2026."

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.56% probability of exploitation · percentile 42.1% · 2026-06-18T12:00:27Z
Published: 2026-05-24
Last modified: 2026-05-26

Underlying weaknesses · 2

CWE-266, CWE-285

References

  1. https://github.com/carfeii/besen#finding-4-unauthorized-firmware-installation-via-spoofed-ota-updates
  2. https://vuldb.com/submit/813576
  3. https://vuldb.com/vuln/365378
  4. https://vuldb.com/vuln/365378/cti

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Incorrect Privilege Assignment (cwe-266) | 0% | live |
| Weakness | Improper Authorization (cwe-285) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-20781
  2. CVE-2026-25192
  3. CVE-2026-27028
  4. CVE-2026-29796
  5. CVE-2026-22552
  6. CVE-2026-10243

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.